CVE-2017-1000367

Опубликовано: 30 мая 2017

Источник: redhat

CVSS3: 7.8

Описание

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-807

https://bugzilla.redhat.com/show_bug.cgi?id=1453074sudo: Privilege escalation in via improper get_process_ttyname() parsing

7.8 High

CVSS3

Связанные уязвимости

CVE-2017-1000367

CVSS3: 6.4

ubuntu

больше 8 лет назад

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CVE-2017-1000367

CVSS3: 6.4

nvd

больше 8 лет назад

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CVE-2017-1000367

CVSS3: 6.4

debian

больше 8 лет назад

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an inpu ...

openSUSE-SU-2017:1455-1

suse-cvrf

больше 8 лет назад

Security update for sudo

SUSE-SU-2017:1450-1

suse-cvrf

больше 8 лет назад

Security update for sudo

7.8 High

CVSS3